Privacy Policy

1. Data Controller

Khaolega is the data controller for personal data collected through our website and in the course of client engagements. The firm is registered with the Bar Council Malaysia and operates from Suite 22-1, Menara Maxis, Persiaran KLCC, 50088 Kuala Lumpur. You may direct any data protection enquiries to us at [email protected] or by telephone on +60 3-2161 8473.

---

2. What Personal Data We Collect

We collect personal data that you provide directly to the firm and, in limited circumstances, data that arises in the course of providing legal services.

Data provided by you

• Your name and contact details (email address, telephone number, postal address)
• The subject matter of your enquiry or instruction
• Correspondence and documentation you share with the firm
• Payment and billing information where a matter proceeds to engagement

Data arising from service delivery

• Notes, drafts, and written advice prepared in the course of a matter
• Records of consultations and communications
• Information relating to counterparties, where relevant to a contract review

Website and technical data

• IP address, browser type, and device information collected via server logs
• Pages visited and time spent, collected via cookies where you have consented

---

3. Legal Basis for Processing

We process personal data on the following grounds under the Personal Data Protection Act 2010:

• Performance of a contract — where processing is necessary to provide the legal services you have requested
• Legitimate interests — where processing is necessary to operate the firm's business, communicate with enquirers, or maintain records
• Legal obligation — where we are required to process or retain data by law, including applicable Bar Council regulations and anti-money laundering obligations
• Consent — for the use of non-essential cookies and for direct communications where you have opted in

---

4. How We Use Your Data

Personal data collected by the firm is used for the following purposes:

• Responding to initial enquiries and assessing whether the firm is able to assist
• Preparing and delivering the legal services described in our terms of engagement
• Managing billing, payments, and matter administration
• Meeting our professional obligations, including conflict-of-interest checks and regulatory compliance
• Maintaining secure records of matters handled in accordance with our retention policy
• Improving the quality of our services and the performance of this website

We do not use personal data for automated decision-making, profiling, or marketing purposes without your explicit consent.

---

5. Disclosure and Third Parties

We do not sell, rent, or share personal data with third parties for commercial purposes. Disclosure may occur in the following limited circumstances:

• To barristers, expert witnesses, or other professional advisers engaged in connection with a specific matter, with your knowledge
• To courts, regulatory bodies, or government agencies where disclosure is required by law or court order
• To service providers who support the firm's operations (such as document management or IT services) under appropriate data processing agreements
• To the Bar Council Malaysia or relevant professional body in the course of regulatory oversight

Where personal data is shared with third parties, we take reasonable steps to ensure it is handled with appropriate care and in accordance with applicable law.

---

6. Retention

Personal data is retained for as long as is necessary for the purpose for which it was collected, and thereafter in accordance with our professional obligations. Matter files are generally retained for a period of seven years following the conclusion of an engagement, unless a longer period is required by law or the nature of the matter. Website enquiry data that does not proceed to engagement is held for twelve months.

---

7. Security

The firm applies reasonable technical and organisational measures to protect personal data against unauthorised access, disclosure, or loss. These include encrypted email communications, access controls on matter files, and regular review of our information security practices. No transmission over the internet is entirely without risk, and we cannot warrant absolute security; we do, however, take our obligations in this regard seriously.

---

8. Your Rights

Under the Personal Data Protection Act 2010 (Malaysia), you have the right to:

• Request access to personal data we hold about you
• Request correction of inaccurate or incomplete data
• Withdraw consent for processing that is based on consent
• Request that we cease using your data for direct marketing

To exercise any of these rights, please write to us at [email protected] or by post to the address above. We will respond within a reasonable time and, in any event, within the period prescribed by applicable law.

---

9. Cookies

Our website uses cookies to support basic functionality and, where you have consented, to collect anonymised usage data. For a full description of the cookies in use and your options for managing them, please refer to our Cookie Policy.

---

10. Links to Other Websites

Our website may contain references or links to external resources. We are not responsible for the privacy practices or content of those sites and encourage you to review their privacy notices independently.

---

11. Changes to This Notice

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The date of the most recent revision is noted at the top of this page. Continued use of our website or services following a revision constitutes your acknowledgement of the updated notice.

---

12. Contact and Complaints

If you have a question or concern about how we handle your personal data, please contact the firm at [email protected] or +60 3-2161 8473. If you are not satisfied with our response, you may refer the matter to the Department of Personal Data Protection Malaysia (JPDP) at www.pdp.gov.my.